NVIDIA NVIDIA

  1. Vendors
  2. NVIDIA

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any NVIDIA product.

RSS Feeds for NVIDIA security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in NVIDIA products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by NVIDIA Sorted by Most Security Vulnerabilities since 2018

NVIDIA Gpu Display Driver78 vulnerabilities

NVIDIA Cuda Toolkit44 vulnerabilities

NVIDIA Virtual Gpu Manager38 vulnerabilities

NVIDIA Triton Inference Server32 vulnerabilities

NVIDIA Nemo22 vulnerabilities

NVIDIA Jetson19 vulnerabilities

NVIDIA Geforce Experience18 vulnerabilities

NVIDIA Geforce14 vulnerabilities

NVIDIA Tesla13 vulnerabilities

NVIDIA Gpu Driver7 vulnerabilities

NVIDIA Megatron Lm6 vulnerabilities

NVIDIA Onyx3 vulnerabilities

NVIDIA Cumulus Linux3 vulnerabilities

NVIDIA Mlnx Os3 vulnerabilities

NVIDIA Aistore2 vulnerabilities

NVIDIA Runai1 vulnerability

NVIDIA Quadro1 vulnerability

NVIDIA Skyway1 vulnerability

NVIDIA Studio1 vulnerability

NVIDIA Titan V Firmware1 vulnerability

NVIDIA Bluefield1 vulnerability

NVIDIA Cv Cuda1 vulnerability

NVIDIA Connectx1 vulnerability

NVIDIA Igx1 vulnerability

NVIDIA Isaac Lab1 vulnerability

NVIDIA Jetson Linux1 vulnerability

Nvidia Gpu Operator1 vulnerability

NVIDIA Mellanox Os1 vulnerability

NVIDIA Metrox 21 vulnerability

NVIDIA Metrox 3 Xc1 vulnerability

NVIDIA Nsight Graphics1 vulnerability

NVIDIA Nvapp1 vulnerability

NVIDIA Nvdebug Tool1 vulnerability

Nvidia App1 vulnerability

Nvidia Container Toolkit1 vulnerability

Recent NVIDIA Security Advisories

Advisory Title Published
5747 Security Bulletin: GPU Display Driver - January 2026 January 28, 2026
5764 Security Bulletin: NVIDIA runx - January 2026 January 27, 2026
5755 Security Bulletin - CUDA Toolkit - January 2026 January 20, 2026
5761 Security Bulletin - NVIDIA Merlin - January 2026 January 20, 2026
5738 Security Bulletin: NVIDIA NSIGHT Graphics - January 2026 January 14, 2026
5749 Security Bulletin: NVIDIA Isaac Launchable - December 2025 December 23, 2025
5733 Security Bulletin: NVIDIA Isaac Lab - December 2025 December 16, 2025
5746 Security Bulletin: NVIDIA Resiliency Extension - December 2025 December 16, 2025
5736 Security Bulletin: NVIDIA NeMo Framework - December 2025 December 16, 2025
5739 Security Bulletin: NVIDIA Merlin - December 2025 December 9, 2025

By the Year

In 2026 there have been 26 vulnerabilities in NVIDIA with an average score of 7.6 out of ten. Last year, in 2025 NVIDIA had 174 security vulnerabilities published. Right now, NVIDIA is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.86.




Year Vulnerabilities Average Score
2026 26 7.63
2025 174 6.76
2024 34 6.81
2023 28 6.22
2022 43 6.72
2021 75 6.54
2020 35 6.78
2019 16 6.90
2018 7 5.50

It may take a day or so for new NVIDIA vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent NVIDIA Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-33179 Feb 24, 2026
CVE-2025-33179: Privilege Escalation via NVUE Interface in NVIDIA Cumulus Linux NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.
Cumulus Linux
CVE-2025-33240 Feb 18, 2026
NVIDIA Megatron Bridge: Data Shuffling Tutorial Code Injection Vulnerability NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33239 Feb 18, 2026
NVIDIA Megatron Bridge Code Injection via Data Merge Tutorial NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33253 Feb 18, 2026
NVIDIA NeMo Framework RCE via Malicious File Load NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Nemo
CVE-2025-33252 Feb 18, 2026
Remote Code Execution in NVIDIA NeMo FW NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Nemo
CVE-2025-33251 Feb 18, 2026
NVIDIA NeMo Framework RCE Remote Code Execution NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Nemo
CVE-2025-33250 Feb 18, 2026
RCE in NVIDIA NeMo Framework NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Nemo
CVE-2025-33249 Feb 18, 2026
NVIDIA NeMo Framework Voice-Preproc Script Code Injection NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Nemo
CVE-2025-33246 Feb 18, 2026
NVIDIA NeMo Framework ASR Evaluator Command Injection Vulnerability NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, or information disclosure.
Nemo
CVE-2025-33245 Feb 18, 2026
NVIDIA NeMo RCE via Malicious Data NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Nemo
CVE-2025-33243 Feb 18, 2026
NVIDIA NeMo Framework RCE via Distributed Env Exploit NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Nemo
CVE-2025-33241 Feb 18, 2026
Remote Code Execution in NVIDIA NeMo via Malicious File (CVE-2025-33241) NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Nemo
CVE-2025-33236 Feb 18, 2026
NVIDIA NeMo Code Injection Vulnerability (CVE-2025-33236) NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Nemo
CVE-2026-24149 Feb 03, 2026
NVIDIA Megatron-LM script injection enables privilege escalation NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering.
Megatron Lm
CVE-2025-33237 Jan 28, 2026
NVIDIA HD Audio Driver for Windows: NULL Pointer Deref That Causes DoS NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL pointer dereference issue. A successful exploit of this vulnerability might lead to a denial of service.
Geforce
CVE-2025-33220 Jan 28, 2026
CVE-2025-33220: Heap Use-After-Free in NVIDIA Virtual GPU Manager NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
Geforce
Tesla
Virtual Gpu Manager
And others...
CVE-2025-33219 Jan 28, 2026
NVIDIA Display Driver Kernel Module Integer Overflow NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
Geforce
Tesla
Virtual Gpu Manager
And others...
CVE-2025-33218 Jan 28, 2026
Int Overflow in NVIDIA GPU Display Driver nvlddmkm.sys NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
Geforce
Tesla
CVE-2025-33217 Jan 28, 2026
UAF Vulnerability in NVIDIA Display Driver for Windows NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
Geforce
Tesla
CVE-2025-33234 Jan 27, 2026
NVIDIA RunX code injection enabling code execution NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33231 Jan 20, 2026
NVIDIA Nsight Systems DLL Search Path Vulnerability (Windows) NVIDIA Nsight Systems for Windows contains a vulnerability in the applications DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service and information disclosure.
Cuda Toolkit
CVE-2025-33230 Jan 20, 2026
Nsight Systems Linux .run Installer OS Command Injection Escalation NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.
Cuda Toolkit
CVE-2025-33229 Jan 20, 2026
NVIDIA Nsight Visual Studio Monitor RCE via local privilege escalation NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.
Cuda Toolkit
CVE-2025-33228 Jan 20, 2026
Nsight Systems: OS Command Injection via process_nsys_rep_cli.py NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
Cuda Toolkit
CVE-2025-33233 Jan 20, 2026
NVIDIA Merlin Transformers4Rec Code Injection Vulnerability NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33206 Jan 14, 2026
NVIDIA Nsight Graphics Linux command injection NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service.
CVE-2025-33222 Dec 23, 2025
Hardcoded creds in NVIDIA Isaac Launchable allow code exec & privilege escalation NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.
CVE-2025-33223 Dec 23, 2025
Privilege Escalation in NVIDIA Isaac Launchable (CVE-2025-33223) NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.
CVE-2025-33224 Dec 23, 2025
NVIDIA Isaac Laun. Priv Esc via Unnecessary Privileges NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.
CVE-2025-33235 Dec 16, 2025
NVIDIA Resiliency Extension for Linux Race Condition in Checkpointing Core NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges.
CVE-2025-33225 Dec 16, 2025
NVIDIA RE Log Aggregation Vulnerability Enables Priv Escalation NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.
CVE-2025-33210 Dec 16, 2025
NVIDIA Isaac Lab Deserialization Vulnerability Enabling Code Exec NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.
CVE-2025-33226 Dec 16, 2025
NVIDIA NeMo Framework Code Injection via Malicious Data NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Nemo
CVE-2025-33212 Dec 16, 2025
NVIDIA NeMo Framework: Code Exec from Malicious Model Loading NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.
Nemo
CVE-2023-53893 Dec 15, 2025
Ateme TITAN File 3.9.12.4 Auth SSRF via Job Callback URL Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the application to make HTTP, DNS, or file requests to arbitrary destinations.
Titan V Firmware
CVE-2025-33214 Dec 09, 2025
Deserialization flaw in NVIDIA NVTabular Workflow on Linux NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
CVE-2025-33213 Dec 09, 2025
Deserialization Flaw in NVIDIA Merlin4Rec Trainer (CVE-2025-33213) NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
CVE-2025-33208 Dec 03, 2025
NVIDIA TAO Uncontrolled Search Path Resource Loading (CVE-2025-33208) NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure.
CVE-2025-33211 Dec 03, 2025
Improper Quantity Validation in NVIDIA Triton Server Causing DoS NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service.
Triton Inference Server
CVE-2025-33201 Dec 03, 2025
NVIDIA Triton Inference Server DoS via Improper Large Payload Check NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads. A successful exploit of this vulnerability may lead to denial of service.
Triton Inference Server
CVE-2025-33203 Nov 25, 2025
NVIDIA NeMo Agent Toolkit UI: SSRF in Chat API NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service.
Nemo
CVE-2025-33205 Nov 25, 2025
NVIDIA NeMo: Predefined Variable Inclusion Allows Code Exec NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution.
Nemo
CVE-2025-33204 Nov 25, 2025
NVIDIA NeMo Framework Code Injection via Malicious NLP/LLM Data NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Nemo
CVE-2025-33200 Nov 25, 2025
NVIDIA DGX Spark GB10 SROOT Firmware Reuse Vulnerability Allows Info Disclosure NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.
CVE-2025-33199 Nov 25, 2025
NVIDIA DGX Spark GB10 SROOT Firmware Control Flow Flaw - Data Tampering NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering.
CVE-2025-33198 Nov 25, 2025
Info Disclosure via Resource Reuse in NVIDIA DGX Spark GB10 SROOT NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.
CVE-2025-33197 Nov 25, 2025
NVIDIA DGX Spark GB10 Null Pointer Deref in SROOT Firmware (Denial of Service) NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
CVE-2025-33196 Nov 25, 2025
Resource Reuse in SROOT Firmware of NVIDIA DGX Spark GB10 Causes Info Leak NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.
CVE-2025-33195 Nov 25, 2025
NVIDIA DGX Spark GB10 SROOT Firmware Buffer Overflow NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges.
CVE-2025-33194 Nov 25, 2025
NVIDIA DGX Spark GB10 Firmware SROOT Vulnerability: Info Disclosure & DoS NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.